Dear Sir:

Preliminary to examination of the above-referenced application, please amend the 
application: 



IN THE CLAIMS: 

Please amend claims 1-24 as follows: 

1. (Amended) A distributed storage system for storing at least one credential, provided 
by an issuing authority relating to an identity, the system comprising: 

at least one unique identity having a local store, the store of the at least one 
identity securely storing one or more credentials relating to the owner of the identity; and 

a security certificate provided at each identity for ensuring the authenticity of the 
one or more credentials, the security certificate providing a secure reference to the issuer of the 
one or more credentials that can be used in verifying the origin of each credential.

2. (Amended) A system according to Claim 1, wherein the at least one identity comprises 
a hierarchical structure. 

3. (Amended) A system according to Claim 2, wherein the at least one identity comprises 
at least one role, the role being a subset of the identity having its own credentials within the 
identity. 

4. (Amended) A system according to Claim 1, further comprising a host site, the host site 
having a plurality of identities and associated stores. 

5. (Amended) A system according to Claim 4, wherein the host site comprises a 
management module for managing data access to and from the each of the identities and their 
associated stores. 

6. (Amended) A system according to Claim 4, wherein the host site comprises a trusted 
financial institution's website. 

7. (Amended) A system according to Claim 1, wherein the identity comprises a website. 

8. (Amended) A system according to Claim 7, wherein the identity further comprises a 
homepage for providing general information regarding the identity. 

9. (Amended) A system according to Claim 1, wherein the local store of the identity 
comprises a portable mobile device which is connectable to a telecommunications network. 

10. (Amended) A system according to Claim 1, wherein the identity is arranged to store a 
private key of the identity for encryption of the identity. 

11. (Amended) A system according to Claim 10, wherein the identity is arranged to store 
a public key of the identity for decryption of the identity. 

12. (Amended) A system according to Claim 11, wherein the public key of the identity is 
embedded within each credential of the identity. 

13. (Amended) A system according to Claim 1, wherein the identity is arranged to store a 
public key of the authority which has issued the one or more credentials to the identity. 

14. (Amended) A system according to Claim 13, wherein the public keys for each of the 
at least one role and the identity are stored in the appropriate store or identity. 

15. (Amended) A system according to Claim 1, wherein at least some of the credentials 
are arranged to be encrypted. 

16. (Amended) A system according to Claim 1, wherein the one or more credentials each 
refer to the corresponding security certificate. 

17. (Amended) A system according to Claim 1, wherein the security certificate comprises 
information describing the issuer, the identity to whom the certificate has been issued, a validity 
period and a list of credentials to which the certificate relates. 

18. (Amended) A system according to Claim 1, wherein the certificate is digitally signed 
using a private key and the certificate contains the public key for reading the digital signature. 

19. (Amended) A system according to Claim 1, wherein the identity further comprises a 
generator module for generating a certificate regarding the identity for use in proxying 
credentials to the store of a different identity. 

20. (Amended) A system according to Claim 1, wherein the identity further comprises a 
mailbox for receiving messages from other identities. 

21. (Amended) A system according to Claim 20, wherein the identity further comprises 
an authorization function module arranged to check that a request for access to the mailbox has 
originated from an authorized identity. 

22. (Amended) A method of storing credentials relating to identities provided by an 
issuing authority in a distributed manner, the method comprising: 

securely storing one or more credentials relating to the owner of an identity in a local 
store of the identity; and 

providing a security certificate at the identity for ensuring the authenticity of the one or 
more credentials, the security certificate providing a secure reference to the issuer of the one or 
more credentials that can be used in verifying origin of each credential. 

23. (Amended) An identity of an entity for making available credentials belonging to the 
entity to other entities, each entity comprising: 

a local store arranged to securely hold one or more credentials relating to the entity; and 

a certificate processing module for reading and verifying received security certificates 
and creating security certificates for transmission, the security certificates providing a secure 
reference to the issuer of the one or more credentials that can be used in verifying the origin of 
each credential. 

24. (Amended) A distributed storage system for storing a plurality of credentials, the 
system comprising a plurality of identities for making available credentials belonging to an 
entity to other entities, each entity comprising a local store arranged to securely hold one or 
more credentials relating to the entity; and 

a certificate processing module for reading and verifying received security certificates 
and creating security certificates for transmission, the security certificates providing a secure 
reference to the issuer of the one or more credentials that can be used in verifying the origin of 
each credential. 

REMARKS 



The above-referenced application is amended to correct the minor clerical errors and delete 
the multiple dependencies of claims 4, 6, 7, to 13, and avoid the multiple dependent claim filing 
fee. 

Attached hereto is a marked-up version of the changes made to the claims by the current 
amendment. The attached pages are captioned "Marked-Up Version Showing Changes". 



Respectfully submitted, 



LOWE HAUPTMAN GILMAN & BERNER, LLP 



Allan M. Lower 
Registration Number 19,641 




1700 Diagonal Road, Suite 310 
Alexandria, Virginia 22314 
(703) 684-1111 AML 

Claims: 

1. A distributed storage system for storing at least one credential [(46)], provided 
by an issuing authority and relating to an identity [(42, 44)], the system comprising: 

at least one unique identity [(42, 44)] having a local store [(40)], the store 
[(40)] of the at least one identity [(42, 44)] securely storing one or more credentials 
[(46)] relating to the owner of the identity [(42, 44)]; and 

a security certificate [(66)] provided at each identity [(42, 44)] for ensuring the 
authenticity of the one or more credentials [(46)], the security certificate [(66)] 
providing a secure reference to the issuer of the one or more credentials [(46)] that can 
be used in verifying the origin of each credential [(46)]. 

2. A system according to Claim 1, wherein the at least one identity [(42, 44)] 
comprises a hierarchical structure. 

3. A system according to Claim 2, wherein the at least one identity [(42, 44)] 
comprises at least one role [(48)], the role [(48)] being a subset of the identity [(42, 
44)] having its own credentials [(46)] within the identity [(42, 44)]. 

4. A system according to Claim 1 [any of Claims 1 to 3], further comprising a 
host site [(190)], the host site [(190)] having a plurality of identities [(42, 44)] and 
associated stores [(194, 196, 198)]. 

5. A system according to Claim 4, wherein the host site [(190)] comprises a 
management module [(200)] for managing data access to and from the each of the 
identities [(42, 44)] and their associated stores [(194, 196, 198)]. 

6. A system according to Claim 4 [or 5], wherein the host site [(190)] comprises 
a trusted financial institution's website [(190)]. 

7. A system according to Claim 1 [or 4], wherein the identity [(42, 44) or host 
site ] [(190)] comprises a website [(80, 190)]. 

8. A system according to Claim 7, wherein the identity further comprises a 
homepage [(82)] for providing general information regarding the identity [(42, 44)]. 

9. A system according to Claim 1, wherein the local store [(40)] of the identity 
[(42, 44)] comprises a portable mobile device which is connectable to a 
telecommunications network [(84)]. 

10. A system according to Claim 1, wherein the identity [(42, 44)] is arranged to 
store a private key [(50)] of the identity [(42, 44)] for encryption of the identity [(42, 
44)]. 

11. A system according to Claim 10, wherein the identity [(42, 44)] is arranged to 
store a public key [(52)] of the identity [(42, 44)] for decryption of the identity [(42, 
44)]. 

12. A system according to Claim 11, wherein the public key [(52)] of the identity 
[(42, 44)] is embedded within each credential [(46)] of the identity [(42, 44)]. 

13. A system according to Claim 1 [or 11], wherein the identity [(42, 44)] is 
arranged to store a public key [(58, 60, 62)] of the authority [(86)] which has issued 
the one or more credentials [(46)] to the identity [(42, 44)]. 

14. A system according to Claim 13, wherein the public keys [(52, 58, 60, 62)] for 
each of the at least one role [(48)] and the identity [(42, 44)] are stored in the 
appropriate store [(40)] or identity [(42, 44)]. 

15. A system according to Claim 1, wherein at least some of the credentials [(46)] 
are arranged to be encrypted. 

16. A system according to Claim 1, wherein the one or more credentials [(46)] 
each refer to the corresponding security certificate [(66)]. 

17. A system according to Claim 1, wherein the security certificate [(66)] 
comprises information describing the issuer [(70)], the identity to whom the certificate 
[(66)] has been issued [(72)], a validity period [(78)] and a list [(76)] of credentials to 
which the certificate [(66)] relates. 

18. A system according to Claim 1, wherein the certificate [(66)] is digitally 
signed using a private key and the certificate [(66)] contains the public key [(58)] for 
reading the digital signature [(78)]. 

19. A system according to Claim 1, wherein the identity further comprises a 
generator module [(98, 200)] for generating a certificate [(66)] regarding the identity 
[(42, 44)] for use in proxying credentials [(46)] to the store [(88)] of a different 
identity [(42, 44)]. 

20. A system according to Claim 1, wherein the identity [(42, 44)] further 
comprises a mailbox [(90)] for receiving messages from other identities [(42, 44)]. 

21. A system according to Claim 20, wherein the identity further comprises an 
authorisation function module [(92)] arranged to check that a request for access to the 
mailbox [(90)] has originated from an authorised identity [(42, 44)]. 

22. A method of storing credentials [(46)] relating to identities provided by an 
issuing authority in a distributed manner, the method comprising: 

securely storing one or more credentials [(46)] relating to the owner of an 
identity [(42, 44)] in a local store [(40)] of the identity [(42, 44)]; and 

providing a security certificate [(66)] at the identity [(42, 44)] for ensuring the 
authenticity of the one or more credentials, the security certificate [(66)] providing a 
secure reference to the issuer of the one or more credentials [(46)] that can be used in 
verifying origin of each credential [(46)]. 

23. An identity [(42, 44)] of an entity for making available credentials [(46)] 
belonging to the entity to other entities, each entity comprising: 

a local store [(40)] arranged to securely hold one or more credentials [(46)] 
relating to the entity; and 

a certificate processing module [(98, 200)] for reading and verifying received 
security certificates [(66)] and creating security certificates [(170)] for transmission, 
the security certificates [(66, 170)] providing a secure reference to the issuer of the 
one or more credentials [(46)] that can be used in verifying the origin of each 
credential [(46)]. 

24. A distributed storage system for storing a plurality of credentials [(46)], 
the system comprising a plurality of identities [according to Claim 24] for making 
available credentials belonging to an entity to other entities, each entity comprising a 
local store arranged to securely hold one or more credentials relating to the entity; and 
a certificate processing module for reading and verifying received security 
certificates and creating security certificates for transmission, the security certificates 
providing a secure reference to the issuer of the one or more credentials that can be 
used in verifying the origin of each credential. 